Security FAQ

Common questions about our security practices

All customer data is stored in the European Union (Ireland region) on AWS infrastructure. We do not transfer data outside the EU.

Data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256 encryption with AWS KMS-managed keys.

MFA support is coming in Q1 2026. We will support TOTP authenticator apps and recovery codes.

We perform automated daily backups with 7-day retention. Point-in-time recovery is available for the last 7 days.

We are currently working towards SOC 2 Type I certification with a target completion date of Q3 2026.

We have a formal Incident Response Plan. Critical incidents are addressed immediately, and affected customers are notified within 24-72 hours per GDPR/LGPD requirements.

Yes, you can export all your data at any time through the platform. We support standard formats like CSV and JSON.

We implement strict tenant isolation with organization-level data scoping. Each organization's data is completely isolated from others.

Not yet, but we welcome responsible disclosure. Please report security vulnerabilities to support@exo-team.com.

Enterprise customers can request security documentation by contacting support@exo-team.com. We provide security questionnaires and compliance documentation.

Still have questions?

Our team is here to help with any security or compliance questions.

Security FAQ

Where is my data stored?

How is my data encrypted?

Do you support Multi-Factor Authentication?

How often do you back up data?

Are you SOC 2 certified?

How do you handle security incidents?

Can I export my data?

How do you ensure data isolation between customers?

Do you have a bug bounty program?

How can I request a security review?

Still have questions?